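/**
 * Check whether a user may perform the named operation.
 *
 * The decision is made purely from the operation auth items the user holds
 * through their roles; item names are matched case-insensitively (so two items
 * whose names differ only in case are indistinguishable here).
 *
 * @param string $itemName the name of the operation whose access is checked
 * @param mixed  $userId   the user ID, an int or a string (see {@link IWebUser::getId});
 *                         null means the currently logged-in user
 * @param array  $params   name-value pairs for the biz rules of the user's tasks and
 *                         roles — currently not evaluated
 * @return bool whether the user may perform the operation
 * @todo evaluate the task biz rules
 */
public function checkAccess($itemName, $userId = null, $params = array())
{
    // When RBAC checking is switched off in the module configuration, every check passes.
    if (!\Yii::$app->getModule('rbac')->rbacCheck) {
        return true;
    }

    // Only a literal null means "current user". The previous loose `== null` also
    // treated 0, '' and '0' as null, so a check for user 0 silently became a check
    // for whoever is currently logged in.
    if ($userId === null) {
        $userId = \Yii::$app->user->id;
    }

    // All operation items the user holds through their roles. Anything that is
    // not an array (false, null) means "no permissions": fail closed.
    $authItems = RbacAuthitems::getUserOperationAuthItems($userId);
    if (!is_array($authItems)) {
        return false;
    }

    // Case-insensitive lookup of the requested name among the granted item names.
    // A matching key whose value is null still does not grant access (isset semantics).
    $needle = strtolower((string) $itemName);
    foreach ($authItems as $key => $value) {
        if (strtolower((string) $key) === $needle) {
            return $value !== null;
        }
    }

    return false;
}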
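/**
 * Show the auth items that no longer correspond to an existing action and,
 * when the form was submitted, delete the ones the user selected.
 *
 * Deletion is restricted to the stale set: the posted `actions` list is
 * intersected with the items detected as missing, so a crafted request cannot
 * remove a live permission through this screen.
 *
 * @return string the rendered checkAuthitems view
 * @throws \yii\web\BadRequestHttpException when `actions` is posted but is not an array
 */
public function actionCheckAuthitems()
{
    $model = new models\RbacAuthitems();

    // Items whose controller action no longer exists (as detected by the model).
    $notExistAuthitems = $model->checkAuthitems();

    $actions = Yii::$app->request->post('actions');
    if ($actions) {
        // array_intersect() below needs an array of strings; a scalar or nested
        // value here is a malformed request, not something to coerce.
        if (!is_array($actions)) {
            throw new \yii\web\BadRequestHttpException('Invalid request: actions must be an array.');
        }
        $actions = array_filter($actions, 'is_string');

        // Whitelist: only stale items may be deleted, whatever the client sent.
        $actions = array_intersect($actions, $notExistAuthitems);

        // Do not call the delete helper with an empty list; nothing to remove.
        if ($actions && models\RbacAuthitems::deleteAuthItemByNames($actions)) {
            // Rebuild the always-allowed cache so the deletion takes effect immediately.
            models\RbacAuthitems::getAllowedAccess(false);
        }

        $notExistAuthitems = array_diff($notExistAuthitems, $actions);
    }

    return $this->render('/rbac/authitems/checkAuthitems', [
        'model' => $model,
        'notExistAuthitems' => $notExistAuthitems,
    ]);
}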
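/**
 * Remove one role from a user and refresh that user's permission cache.
 *
 * Both ids arrive from the URL and are accepted only when they consist solely
 * of ASCII digits. The pattern anchors with `\z` rather than `$`: with `$`,
 * PCRE also matches before a trailing newline, so a value like "12\n" passed
 * the original check and was handed to the delete helper unchanged.
 *
 * @param string $user_id the user whose role is removed
 * @param string $role_id the role to remove
 * @return \yii\web\Response redirect to the role's related-users page
 * @throws Exception when either id is not a plain digit string
 */
public function actionUnAssignUser($user_id, $role_id)
{
    $isDigits = static function ($value) {
        return is_scalar($value) && preg_match('/^\d+\z/', (string) $value) === 1;
    };

    if (!$isDigits($user_id) || !$isDigits($role_id)) {
        throw new Exception('params is not safe!');
    }

    if (models\RbacUserRole::deleteUserRoles($user_id, [$role_id])) {
        // Permissions are cached per user; force a rebuild so the change is visible at once.
        models\RbacAuthitems::getUserOperationAuthItems($user_id, false);
    }

    return $this->redirect(['/rbac/role/related', 'id' => $role_id]);
}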
/**
 * Grant a set of auth items to the task identified by $id.
 *
 * The posted `authItems` list is intersected with the items that may be
 * assigned at all, so a client cannot smuggle in arbitrary item names.
 *
 * @param mixed $id the task id
 * @throws Exception when the request carries no array of items, or when nothing was assigned
 */
public function actionAssignItems($id)
{
    // Resolve the task first; presumably findModel() throws when $id is unknown (not shown here).
    self::findModel($id);

    $requested = Yii::$app->request->post('authItems');
    if (!is_array($requested)) {
        throw new Exception('Invalid request.Params has Error. Please do not repeat this request again.');
    }

    // Whitelist: keep only items that are assignable at all.
    $assignable = models\RbacAuthitems::getCanAssignItems();
    $granted = array_intersect($requested, $assignable);

    $assigned = $granted ? models\RbacTaskItems::assignItemsToTask($id, $granted) : false;
    if (!$assigned) {
        throw new Exception('授权失败');
    }

    echo '授权成功';
}
/**
 * Auth items for which access is always allowed, as configured for the
 * rbac module.
 *
 * @return mixed the always-allowed auth items, as returned by RbacAuthitems::getAllowedAccess()
 */
protected function allowedAccess()
{
    $alwaysAllowed = RbacAuthitems::getAllowedAccess();

    return $alwaysAllowed;
}